
Re: IP-Tables spoof protection problem with 2 interfaces



--- Fabian Strachanski <fabian@zorro.uni-duisburg.de> wrote:

> Hello everyone,
> i've a problem with a dual homed host and the configuration of spoof
> protection.
> 
> The host is a Linux box with two interfaces:
> OS-Version     : Red Hat Linux release 9 (Shrike)
> Kernel-Release : 2.4.20-24.9smp
> CPU            : 0 - 1 Intel(R) Pentium(R) 4 CPU 2.80GHz
> CPU            : 1 - 2 Intel(R) Pentium(R) 4 CPU 2.80GHz
> Interface      : eth0 X.X.4.43  X.X.4.255 (public class B net)
> Interface      : eth1 X.X.1.43  X.X.1.255 (public class B net)
> 
>            /---------------------------------------------\
>           /       internet                                \
>           |                                                |
>            \                                              /
>             ----------------------------------------------
>               |                                       |
>              router 1                               router 2
>               |                                       |
>               |                   ----------          |
>            subnet X.X.1.x -- eth1-| server |-eth0 -- subnet X.X.4.x
>                                   ----------
> 
> Extraction from the script:
> ...
> IF_0=eth0
> IF_1=eth1
> ...
> HOST="`/bin/hostname`"
> ...
> echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
> ...
> # spoof protection
> ${IPTABLES} -A INPUT -s $HOST -i $IF_0 -j DROP
> ${IPTABLES} -A INPUT -s $HOST -i $IF_1 -j DROP
IIRC...

ssh uses the ethernet device for tunnels (and X11); this might cause your
ssh to stall.

Connections are made to the IP the client connected to.  When I use an
ethernet sniffer on the local host, I get these pkts.  I don't think that
even a hubbed host would actually be sniffable from other hosts.

> ...
> 
> Observed problems:
> * Enabling "rp_filter" causes some of my ssh-connections to freeze (no
>   response, my computer is part of the internet);
>   pinging both interfaces from a machine in the internet fails, one of
>   them is not reachable; pinging them from a host within the subnet is possible
> * Enabling the input-firewall-rules has the effect of a delay of a few
>   minutes(!) when starting the script.
> 
> The aim of the "firewall"-script is to protect the host against undesired
> connections. I need some advice.
> 
> thanx
> R.
> 

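An added example, not the original poster's script or anything posted to the list: the spoof-protection part of that script rebuilt for the two-interface layout above, in dry-run form (rules are printed, not applied). It uses numeric addresses instead of the `hostname` output (which names only one of the two interfaces), drops each directly attached subnet when it arrives on the other interface, and sets rp_filter per interface rather than only under all/. The addresses and the assumption that eth0 carries the default route are constructed for the example.

```shell
#!/bin/sh
# Added example, not the original poster's script: builds the anti-spoof part of a
# dual-homed host's INPUT chain in dry-run form (rules are printed, not applied).
# Addresses are constructed placeholders from the documentation ranges.
IPTABLES=${IPTABLES:-iptables}
IF_0=eth0; IP_0=192.0.2.43;    NET_0=192.0.2.0/24      # side of the default route (assumed)
IF_1=eth1; IP_1=198.51.100.43; NET_1=198.51.100.0/24   # side whose replies leave via eth0

# Print the INPUT rules for one interface.
# $1 = interface, $2 = subnet of the *other* interface
spoof_rules() {
    _if=$1; _other=$2
    # Our own addresses never arrive from outside. Numeric values on purpose:
    # "-s $(hostname)" covers only the one address the hostname resolves to, and
    # iptables has to look that name up each time such a rule is inserted.
    for _ip in "$IP_0" "$IP_1"; do
        printf '%s -A INPUT -i %s -s %s -j DROP\n' "$IPTABLES" "$_if" "$_ip"
    done
    # The other directly attached subnet is reachable only through its own interface.
    printf '%s -A INPUT -i %s -s %s -j DROP\n' "$IPTABLES" "$_if" "$_other"
}

# rp_filter on 2.4 is strict: a packet is dropped when the reply to its source would
# leave by another interface. With one default route through eth0, internet traffic
# arriving on eth1 fails that test, so the kernel check stays on only where the paths
# are symmetric; the explicit rules above cover the asymmetric side.
# 2.4 requires all/ AND the interface value to be set (later kernels use the max of
# the two, where all/ would be left at 0 instead).
rp_filter_settings() {
    printf 'echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter\n'
    printf 'echo 1 > /proc/sys/net/ipv4/conf/%s/rp_filter\n' "$IF_0"
    printf 'echo 0 > /proc/sys/net/ipv4/conf/%s/rp_filter\n' "$IF_1"
}

ruleset() {
    rp_filter_settings
    spoof_rules "$IF_0" "$NET_1"
    spoof_rules "$IF_1" "$NET_0"
}

ruleset    # review the output, then pipe it into sh to apply
```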